Ben Cartwright-Cox via NANOG wrote on 16/01/2025 21:29:
I mean sure, but if ARIN is being named directly I assume that all or
almost all of it is going to go to ARIN!
not all the US federal government's interests reside in the USA.
Nick
ger timer two orders of magnitude faster than the
general case of DFZ reconvergence. I can't see that this would help
overall inter-domain routing stability.
Nick
.
Nick
2024/09/Roadmap-to-Enhancing-Internet-Routing-Security.pdf
This style of document should be taken as notification that interdomain
routing security is fresh on the table of regulatory bodies in the US.
Nick
passing electrical fuse boxes is a poor idea, or
removing railings on stair-cases, or not wearing motorbike helmets, or
anything else designed to mitigate the unfortunate consequences of
entirely predictable accidents.
Nick
ROA/etc.
You mean obstruction of justice, with intent?
Let us know how that goes.
Nick
l open you up to wide range of
routing security problems. I'd be fairly hesitant to implement bilateral
peering sessions as a general rule, except with networks that are large
enough that they've made the effort to implement good quality filtering
at their ixp presence.
Nick
or 1800s.
But a token is a token, right?
Nick
(fwiw, my cat's name is "ofo0tL1!Rgz8WPQ+")
e compiles even without warnings, which
is pretty good. I'm sure it would be pretty straightforward for a C dev
to get it to compile again. Whether you'd want this or not is a
different issue :)
Nick
Anyone with a clue from 5650 monitoring this list?
I'm in the process of turning up a new transit circuit from 5650 and my
account management team has been less than helpful.
The normal contacts aren't getting me anywhere.
Thank you!
Apologies for cross-post - no luck using the VoiceOps list.
Sent to VO 04/10:
Hello, we have a fun issue we are attempting to troubleshoot with an end
user having problems reaching local businesses utilizing Comcast (unsure if
the end product is POTS over Coax or VoiceEdge). SPID: Comcast IP Phone
On Thu, Apr 11, 2024 at 3:40 PM Randy Bush wrote:
> > Amazon's spider got stuck there a month or two ago but fortunately I was
> > able to find someone to pass the word and it stopped. Got any contacts
> > at OpenAI?
>
> why? you are doing a societal good by ensnaring them. dig a deeper
> hole
eakness.
Tools should be chosen to fit the job. There are plenty of situations
where sflow is ideal. There are others where netflow is preferable.
Nick
In the same vein, if you can get your devices exporting sFlow, or for
others reading that do have sFlow capable devices: the sFlow-RT team has
built ready to deploy, all in one docker containers using Grafana and
Prometheus that you can stand up within minutes to start visualizing and
easily queryi
m operator.
Cable modem rent is a political issue.
Nick
th
in terms of subscriber services handoff and management. The requirements
for ipv6 support are very clearly defined in the cablelabs docsis 3.0
specification.
Nick
support is generally excellent on
docsis networks. This includes end-user device support, management,
client and server side provisioning, the works. This is one of the real
ipv6 success stories in the service provider arena.
Nick
y aren't going to be interested in engaging with you
if you're not a customer. It's a pickle.
Nick
n shared billing mechanism built in.
Nick
workaround.
In terms of hard landings vs soft landings, what will make ipv6 succeed
is how compelling ipv6 is, rather than whether someone created a policy
to make ipv4 less palatable. In particular, any effect from a hard
landing compared would have been ephemeral.
Nick
fferent in each
RIR service area, but it's not going to change anything fundamental
here, or permanently move the dial: ipv4 will still be a scarce resource
afterwards.
Nick
than 1Y of consumption, assuming no demand
back-pressure, which seems an unlikely assumption.
Nick
Dave Taht wrote on 11/01/2024 09:40:
240/4 is intensely routable and actually used in routers along hops
inside multiple networks today, but less so as a destination.
240/4 is fine for private use, but the OP needed publicly routable IP
addresses, which 240/4 are definitely not.
Nick
Tom Beecher wrote on 10/01/2024 15:12:
( Unless people are transferring RFC1918 space these days, in which case
who wants to make me an offer for 10/8? )
I'm taking bids on 256.0.0.0/8, which is every bit as publicly routable
as 240/4.
Nick
cases where FIB compression makes a lot of sense,
e.g. leaf sites, etc. Conversely, it's not a generally appropriate
technology for a dense dfz core device. It's a tool in the toolbox, one
of many.
Nick
it; it's
just less crocked than other approaches where there are no guarantees
about device and bearer circuit behaviour.
Nick
individual bearer channels have identical transmission characteristics.
Then multiply that across the N load-balanced hops that each flow will
take between source and destination. It's true that per-hash load
balancing is a nuisance, but it works better in practice on larger
heterogeneous networks than RR.
Nick
said reminds me of the old saying: in theory, there's no
difference between theory and practice, but in practice there is.
Nick
Masataka Ohta wrote on 02/09/2023 16:04:
100 50Mbps flows are as harmful as 1 5Gbps flow.
This is quite an unusual opinion. Maybe you could explain?
Nick
s which are then assigned for
other purposes. This is a subset of #1, but is messy and difficult to
rectify when it happens. Great for fuzzing, not so good for production
networks.
Nick
.
A good deal of thought has gone into the problem, and this is where
rfc7606 came from. Treat-as-withdraw for the NLRI in question is the
default option with this approach, and should be deployed universally.
Nick
and vyos - both contain code to parse junos style
configurations. Just bear in mind that they provide basic tokeniser
functionality, which parses the configurations into token trees. The
config interpretation can then be handled on a modular basis.
Nick
reinvent that wheel:
root@foo> show configuration | display xml
root@foo> show configuration | display json
... then slurp into an ingestion engine in your favourite language.
Nick
n this
platform, and it's not possible to fix. It would need a complete CLI/API
redesign.
Nick
Malte Tashiro wrote on 12/08/2023 04:50:
Looking at this I also saw that for a short time some prefixes belonging
to AS37451 were announced by AS2454388738 (see [0] and [1]).
Anybody have a smart idea which command could have caused this?
AS2454388738 == AS37451.2, in asdot format.
Nick
or it.
bgp is a policy based distance vector protocol. If you can't adjust the
primary inter-domain metric to handle your policy requirements, it's not
much use.
Nick
e visually similarly enough to each
other that it would be easy not to notice.
Nick
set-bgp-prepend-path".
https://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters
Nick
are welcome to continue
your participation longer.
See the form below for more information, including how to participate:
https://uchicago.co1.qualtrics.com/jfe/form/SV_eCFrZhRhNphkVGm
Thanks,
Nick Feamster and Francesco Bronzino
good month for them in
> regards to cooling..
>
> On Jun 12, 2023 7:15 PM, George Herbert wrote:
>
> Oof. Get ready to replace all spinning media you may have there.
>
> -George
>
> Sent from my iPhone
>
> > On Jun 12, 2023, at 4:06 PM, Nick Olsen wrote:
>
Just a heads up to anyone else colo'd at 365 TPA1/TAMSFLDE. Currently
seeing floor temps of ~105F as reported by equipment. Started yesterday at
~5:30PM eastern. 2nd AC failure in the last 30 days. They have not sent any
advisory notices as of yet.
Not that it's a "Fix" but have you tried rebooting the box? If this is a
bug in the forwarding plane that might clear/rebuild it. And maybe it works
correctly after that.
Friend saw something similar on a Juniper MX with DPC cards that had run
out of FIB space. It would show correctly in all place
from implementing an excess prepending
policy.
Nick
There's 69,055 pure /24's allocated or assigned directly from an RIRs. At least
c,d,e, and g root servers only have /24s allocated to them. Major services like
Cloudflare only advertise the /24 without advertising an aggregate.
Unless you're also getting a default from upstream, it sounds like
> especially as it's *known* that email is not a reliable method of
> communication
That's the problem - it is *not* known by most ordinary folks that
email is not reliable. They all think it *is* reliable.
Nick
On Wed, 24 Aug 2022 at 17:34, Anne Mitchell wrote:
>
>
Masataka Ohta wrote on 07/08/2022 12:16:
Ethernet switches with small buffer is enough for IXes
That would not be the experience of IXP operators.
Nick
Oddly enough I *do* see this via Verizon-but-XO:
182.61.200.0/22*[BGP/170] 3d 09:25:39, MED 100, localpref 100
AS path: 2828 4134 23724 38365 I, validation-state:
unverified
On Wed, Jul 20, 2022, at 3:18 PM, holow29 wrote:
>
> To follow up on this:
> I've engaged Veri
.
Nick
Nehul,
He was running the 15 code train. I think 15.1R6.7. But don't take that as
fact. I just know it was 15 for sure.
From: Nehul Patel
Sent: Thursday, May 5, 2022 6:40 PM
To: Nick Olsen
Cc: nanog@nanog.org
Subject: Re: Strange behavior on the Juniper
Friend of mine had this issue recently on an MX chassis running DPC's and
RE-2000's.
The extend memory command others have mentioned worked for him.
His instance drove us crazy for a bit. The device would learn a route, show
that it was installed (show routes) but traffic to said prefix would b
The fact that it even has to come to this idea is ridiculous but I wonder about
the success of holding a normal customer account with repeat offending
streaming services so you could report this, by proxy, /as/ a customer.
On Fri, Apr 29, 2022, at 8:38 AM, Josh Luthman wrote:
> >Disney+ appear
+ pics:
https://twitter.com/acontios_net/status/1519296590015606787
https://twitter.com/acontios_net/status/1519280710762348545
https://twitter.com/acontios_net/status/1519276453350805504
Nick
Paul Ferguson wrote on 27/04/2022 15:17:
On 4/27/22 7:08 AM, Sean Donelan wrote:
Multiple
at db doesn't include the last-modified
timestamp, and the changed: attribute is unreliable.
Nick
iating
many of the claims that are made here and elsewhere about ipv6 popularity.
Nick
You're correct.
This is the lab setup and rstp was set to the default, so I only got the commit
check to pass when I deleted [protocols rstp].
On Fri, Feb 11, 2022, at 8:09 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> Nick Suan via NANOG writes:
>> I was actually interested
I was actually interested to see if the EX series would let me do this, and it
turns out that if STP is enabled on any of the switch interfaces, it won't:
tevruden@core-02# delete interfaces
{master:0}[edit]
tevruden@core-02# commit check
[edit protocols rstp]
'interface'
XSTP : Interf
While I agree that, yes everything SHOULD support TLS, there's a perfectly good
reason for terminating TLS in something like (nginx/caddy/apache/etc): X
number of things supporting TLS on their web interface means X number of ways
of configuring TLS. If I terminate it on nginx, there's only a
Japan, Europe assigned 3300 - 3800 MHz for 5G, which is a
good deal further away from the radio altimeter allocation than the US
5G allocation of 3700 - 4000 MHz.
Nick
y were acting within their rights.
Nick
couple of extra config lines per
LSP. The benefit can be substantial in terms of having fine-grained
control of how packets traverse a network, and allow optimisation of
specific policy outcomes, e.g. cost / latency / throughput / pktloss /
qos / etc.
Nick
anger (i.e. anything more than
nd / bonjour / etc), so mld snooping isn't that important for small
switches.
For proper device access control, you also need the ability for the
switch to do ND/RA + DHCP snooping / filtering. Otherwise you open
yourself to rogue routers and/or address assignment.
Nick
isabled on the test paths you're measuring?
Broadly speaking, if you have a point-to-point link from one location to
another (or parallel set of links with a common failure path, e.g. waves
on a specific fibre path), there's a single router at each end.
Nick
Hi Mike,
cloudflare has a web form to report abuse
https://abuse.cloudflare.com/
- Nick
On 1/7/2022 11:06 AM, Mike Hale wrote:
Hi all,
Does anyone have a cloudflare abuse contact? The email address in the
whois doesn't actually go to their abuse team, and their abuse form
doesn'
NO_LOOKUPS=true" environment variable
(v2.10+ only)
The current recommended fixes are:
1. upgrade to 2.16.0 (not 2.15.0), or
2. remove the JndiLookup.class file from log4j-core-*.jar
More details on: https://logging.apache.org/log4j/2.x/security.html
Nick
nstance running something which includes log4j2, you may
already be compromised.
Nick
announce their own local
.root-servers.net address blocks, with consequent security issues for
all end users at the receiving end (+ leakage causing collateral
damage). For all its other flaws, dnssec makes this style of dns
compromise difficult.
Nick
ed in favour of .tl. Apparently, there are two hard problems
facing newly-created states: cash invalidation and naming things.
Nick
ing a
firmware upgrade on her printer or that her day would end up better for
having learned about DHCP assignment policies on her CPE.
They could even email her a copy of the RFC and a link to the IETF
working group if she felt there was a problem.
Nick
but C does not.
Then A can talk to B, B can talk to C, but C cannot talk to A. This
does not seem to be addressed in the draft.
Nick
late.
There's no problem implementing these ideas in code and quietly using
the address space in private contexts.
Nick
ip address space in terms of estimated consumption.
Nick
36 for reinstatement and $40 for 1y renewal. The other option was
losing the domain entirely.
There are plenty of other registrars which are completely super to deal
with.
Nick
) people didn't agree
with involvement under embargo when the terms were apparently: we're
releasing details in 4 days and will only tell you what the problem is
if you agree to this.
Regardless of how this misunderstanding came about, this style of
approach doesn't form part of an acceptable vulnerability management
process.
Nick
into the sausage factory produced the mess that's
going to be served for lunch on monday. I.e. let's use this as an
opportunity to learn from the mistakes that were made here.
Nick
ns in a reasonable way when engaging with all parties?
As a separate thing, software authors also need to have clearly defined
security notification points and vulnerability management policies.
Most have in this situation, but not all.
Nick
randy
From: Koen van Hove
Subject: CVD: Vulnerabil
it wasn't.
Nick
status. It did, however, point out how limited RPSL
grammar was :(
Nick
.
Generally speaking, IXPs try to aim for filters based on a single
{as-set,IRRDB set} tuple per RS client configured. If you're aiming for
bilat bgp sessions, then this functionality would need to be replicated.
Nearly 30 years on, this is still the state of the art.
Nick
urpf has its place if your network config build processes aren't
automated to the point that it's no longer necessary. It would be a net
security loss to the internet not to have it widely implemented on
access devices.
Nick
s because there is no way of knowing what a leading
zero means in practice, and for 3-digit numbers where each digit is <=
7, there is no a-priori way of determining whether it's octal
representation or decimal.
Nick
id,
it's easy to be critical of design decisions with 25y of hindsight, and
even easier to understate how difficult it is to dislodge ipv4 which
took 40 years of evolution to cement itself into its current position.
Nick
output complex instructions including optimized
regexps, routing metrics, etc, on a per-prefix, per-asn,
per-interconnection point basis. RPSL attempted these things and
probably failed on all three points. There have been some other
attempts, but none came up with any usable outputs.
Nick
also causes non-deterministic fib resource consumption. On most edge
deployments this won't matter, but it wouldn't be hard to cook up a
topology that could fail in interesting ways. Overall fib compression
is a net win, but you need to be careful with it.
Nick
I've noticed something similar on two networks, however it appears to be trying
to scan port 80:
13:30:26.387183 IP6 2620:96:a000::5. > 2620:135:5005:71::b0c.80: Flags [S],
seq 2063829402, win 65535, length 0
13:30:26.393445 IP6 2620:96:a000::5. > 2620:135:5006:7::703.80: Flags [S],
seq
Not all have implemented it yet. But if you haven't, you were supposed to
implement some kind of robo calling mitigation plan (or at least certify
that you have one). At $dayjob we're fully deployed (inbound and outbound).
I received my first ever STIR/SHAKEN signed (iPhone Check mark, highly
scien
Adam Thompson wrote on 14/05/2021 15:44:
I did not know such a thing existed! Cool! Holy murdering your port density,
though. Ouch$$$.
oh the port wastage is completely criminal, but it can be a handy last
resort.
Nick
form factor port to
a SFP+ port. This should allow SFP+ WDM transceivers.
Nick
On Fri, Apr 23, 2021 at 10:49 AM Warren Kumari wrote:
>
>
> Does anyone know of a purpose built tool for this? Something that won't get
> me on the additional screenings lists?
It's not purpose-built, but you may find a traveller hook / Shrum tool
useful. Carolina Roller is one manufacturer. Iro
The portal account isn't even the be all and end all of fixing this, we're
telling google where our endpoints are explicitly with a geofeed, The portal
says the clients are in the right location and for some reason it's still
decided some of our IPs are on the other side of the world.
On Sat,
ompletions:
Enable 3rd party TOM
Any help would be appreciated, thanks!
--
Nick Bogle
Network Engineering Manager
(509) 464-6942 | https://ptera.com/
lity and
having a paper trail.
Nick
them in Sep 2020:
ASNumber: 8003
ASName: GRS-DOD
ASHandle: AS8003
RegDate:2020-09-14
Updated:2020-09-14
Ref:https://rdap.arin.net/registry/autnum/8003
No doubt there is more information about the history of 8003 in WhoWas.
Nick
es in operation?
Nick
throughputs on generic CPU / PCI card systems.
On this style of config, you optimise your driver parameters based on
what works best under the specific conditions.
Polled mode drivers have been around for a while, e.g.
https://svnweb.freebsd.org/base?view=revision&revision=87902
Nick
Randy Bush wrote on 01/02/2021 18:16:
is there a list of public resolvers? e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
etc.?
https://public-dns.info/
?
Nick
ke dude I just told you
> what I did to get it working again, offered packet captures, just escalate
> it, but ultimately gave up and hung up.
>
>
>
> David
>
>
>
> *From: *NANOG on
> behalf of Nick Olsen
> *Date: *Sunday, January 24, 2021 at 8:42 PM
> *To: *"
Anyone else seeing weird things on Tampa/Bradenton FIOS connections?
I've got three unrelated customers that can't establish IPsec back to me.
And a third that can't process credit cards out to their third party
merchant.
Customers are in 47.196.0.0/14.
In all instances, I see the traffic leav
deployment of NFV or
declaration of NFV's death is going to be more along the lines of
wondering why telco proponents were so late to the devops /
containerisation game to start with, and what on earth did they think
was so innovative about it that it deserved yet another marketing label.
Nick
Eric S. Raymond wrote on 11/01/2021 00:00:
Yes, it would. This was an astonishingly stupid move on AWS's part;
I'm pretty sure their counsel was not consulted.
this is quite an innovative level of speculation. Care to provide sources?
Nick
"you did WHAT?? AGAIN??"
Nick
1 - 100 of 1154 matches